1: Social networking as an avenue of attack
Social networking has experienced a boom in popularity over the last few years. It’s now finding its way from the home into the workplace and up the generational ladder from the young folks into the mainstream. It’s a great way to stay in touch in a mobile society, and it can be a good tool for making business contacts and disseminating information to groups. However, popular social networking sites have been the target of attacks and scammers. Many people let their hair down when posting on these sites and share much more personal data (and even company data) than they should.
As Steve Riley pointed out in his recent talk on attack progressions at the 2009 MVP Summit, today’s young professionals are growing up with social networking, and they expect to have it available to them at work just as older employees expect to be able to use their office telephones for reasonable, limited personal calls.
2: More attacks on the integrity of the data
Another point Steve made in his presentation is that “First they came for bandwidth; now they want to make a difference.” In the past, many attackers were looking for a free ride on your Internet connection. Then the nature of attacks progressed. Instead of the network being the target, it was the data. The next step was stealing data, but the step after that is even more insidious: the malicious modification of data.
This can result in catastrophic consequences: personal, financial, or even physical. If a hacker changed the information in a message to your spouse, it could harm your marriage. If the change were to a message to your boss, you might lose your job. Changing information on a reputable Web site regarding a company’s financial state could cause its stock prices to drop. A change to electronic medication orders on a hospital network could result in a patient’s death.
3: Attacks on mobile devices
Laptop computers have presented a known security risk for many years. Today, we are more mobile than ever, carrying important data around with us not just when we go on business trips but every day, everywhere we go, on smart phones that are really just small handheld computers. These devices have important business and personal e-mail, text messages, documents, contact information and personal information stored on them. Many of them have 8 or 16 GB of internal storage and you can add another 32 GB on a micro SD card. That’s much more storage space than the typical desktop computer had in the 1990s.
4: Virtualization
Virtualized environments are becoming commonplace in the business world. Server consolidation is a popular use of virtualization technologies. Desktop virtualization, application virtualization, presentation virtualization — all of these provide ways to save money, save space, and increase convenience for users and IT administrators alike. If it’s properly deployed, virtualization can even increase security — but that’s a big “if.” Virtualization makes security more complicated because it introduces another layer that must be secured. In essence, you now have to worry about two attack surfaces: the virtual machine and the physical machine on which it runs. And when you have multiple VMs running on a hypervisor, a compromise of the hypervisor could compromise all of those machines.
Another virtualization-related threat was demonstrated by the infamous Blue Pill VM rootkit. Hyperjacking is a form of attack by which the attacker installs a rogue hypervisor to take complete control of a server, and VM jumping/Guest hopping exploits hypervisor vulnerabilities to gain access to one host from another.
5: Cloud computing
If virtualization was last year’s buzzword, this year it’s all about “the Cloud.” The uncertain economy and tight budgets have companies looking for ways to lower operating costs, and outsourcing e-mail, data storage, application delivery, and more to cloud providers can present some attractive potential savings. Microsoft, IBM, Google, Amazon, and other major companies are investing millions in cloud services.
Cloud advocates envision a day when we’ll all use inexpensive terminals to access our resources that are located someplace “out there.” But when your data is “out there,” how can you be sure that it’s protected from everyone else “out there?” In fact, the biggest obstacle to moving to the cloud, for many companies and individuals, is the security question. IDC recently surveyed 244 IT executives and CIOs about their attitudes toward cloud services, and 74.6% said security is the biggest challenge for the cloud computing model.
7: Third-party applications
Microsoft has put tremendous effort into securing the Windows operating system and its popular productivity applications, such as Microsoft Office. Linux and Mac receive regular security updates. As operating systems become more and more secure, attackers will focus less on OS exploits and more on application exploits. The major Web browsers are routinely updated to patch security vulnerabilities. But the vendors of many third-party applications are less security-aware.
8: Side effects of green computing
Green computing is all the rage today, and saving energy is certainly a good thing — but as with beneficial medications, there can be unexpected and unwanted side effects. Recycling computer components, for instance, can expose sensitive data to strangers if you don’t ensure that hard drives have really been wiped clean.
On the other hand, such green initiatives as powering down systems that aren’t in use can actually enhance security, since a computer that’s turned off isn’t exposed to the network and isn’t accessible 24/7.
9: IP convergence
Convergence is the name of the game today, and we are seeing a melding of different technologies on the IP network. With our phones, cable TV boxes, Blu-ray players, game consoles, and even our washing machines connected to the network, we’re able to do things we never even imagined a decade ago. But all of those devices on an Internet-connected network present myriad “ways in” for an attacker that didn’t exist when only our computers used IP.
We can only hope that the manufacturers of all these devices put security at the forefront; otherwise, we may see a rash of new malware targeting vulnerabilities in our entertainment devices and household appliances.
10: Overconfidence
Perhaps the greatest threat to the security of our networks, whether at work or at home, is overconfidence in our security solutions. Many home users believe that as long as they have a firewall and antivirus installed, they don’t have to worry about security. Businesses tend to put too much faith in the latest and greatest security solutions. For example, there is an assumption that biometric authentication is infallible and undefeatable — but it can be compromised in various ways, and when it is, the legitimate user it was meant to protect becomes the victim. If the system shows that your fingerprint was used to log on, you may be presumed guilty, and an investigation might not even be deemed necessary.
For more info, visit: http://blogs.techrepublic.com.com/10things/?p=602
Thursday, March 26, 2009
Tuesday, March 17, 2009
Three Security Bulletins for Patch Plan by Microsoft
Microsoft is prepping three security bulletins affecting Windows next week as part of Patch Tuesday. The most serious of the bulletins addresses a remote code execution situation. There is no word, however, on a patch for the Microsoft Office Excel zero-day Microsoft warned users about last month.
Microsoft plans to push out three security bulletins next week, the most serious of which is meant to squash at least one remote code execution bug in Windows.
All three bulletins deal with security bugs in Windows, with the other two addressing what Microsoft characterized as "spoofing" issues. The remote code execution bulletin is rated “critical,” and affects Windows 2000, XP, Vista and Windows Server 2003 and 2008.
This month's patch lineup does not include a fix for the zero-day vulnerability affecting Microsoft Office Excel that hackers have been targeting in recent weeks. Microsoft issued an advisory on the bug Feb. 24, warning the bug could allow a hacker to execute arbitrary code if a specially crafted Excel file attempts to access an invalid object.
So far, Microsoft has only reported seeing limited, targeted attacks leveraging the vulnerability. However, the company has publicized workarounds for users concerned about exploitation. For one, Microsoft advises customers to use MOICE when opening files from unknown or untrusted sources. Users can also take advantage of the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted senders.
The spoofing issues addressed in the two bulletins slated for next week are rated “important.” One of those two bulletins covers Windows 2000, XP, Vista and Windows Server 2003 and 2008. The final bulletin, however, only impacts Windows 2000, Windows Server 2003 and Windows Server 2008.
Source:
Thursday, March 12, 2009
Microsoft Fixed Windows 7 Holes with Security Updates
Microsoft stated that the critical fix was for just about every version of Windows, including Windows 2000, XP, Vista, Server 2003 and Server 2008. However, the software giant failed to mention that the update also was intended for Windows 7 under its "Affected Software" heading.
Microsoft did, however, mention that the update affected Windows 7 under the "Frequently Asked Questions" section. In addition to Windows 7, the patch repaired critical flaws in Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta.
Altogether, the patch bundle resolved a total of four image vulnerabilities in the Windows kernel, the most serious of which could allow hackers to install malicious code on users' computers without any user intervention by enticing a victim to view a maliciously crafted EMF or WMF image file. The user could then download a Trojan or other piece of malware that would enable hackers to take complete control of the machine and steal sensitive data. Other vulnerabilities repaired by the update could leave the user susceptible to a denial of service attack.
Microsoft's March security update addressed two other security flaws, both deemed "important," that could allow hackers to spoof Web sites in identity theft schemes.
One of the flaws, occurring in the Windows DNS server and the Windows WINS server, could allow a remote attacker to redirect Web traffic to his or her own malicious Web site. Once users opened the maliciously crafted page, attackers could then entice users to submit sensitive password, credit card or bank account information for identity theft activities. Hackers also could infuse the page with malware designed to record keystrokes and steal information, security experts said.
The other "important" fix repaired a bug in the Windows Secure Channel security package that could allow miscreants to spoof a Web site by gaining access to the authentication credentials utilized by the end user.
Source: http://www.crn.com/security/215801984
Tuesday, March 3, 2009
Windows Server 2003 Security Compliance Management Toolkit
The Windows Server 2003 Security Compliance Management Toolkit provides you with an end-to-end solution to help you plan, deploy, and monitor the security baselines of servers running Windows Server 2003 Service Pack 2 (SP2) in your environment.
This Solution Accelerator includes the Windows Server 2003 Security Guide and the GPOAccelerator tool to provide you with prescriptive information and automated tools to establish and deploy your security baseline. This toolkit also provides you with 6 DCM Packs to use with the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 SP1. Use this functionality to help you monitor the implementation of your security baseline for Windows Server 2003 SP2.
The Windows Server 2003 Security Compliance Management Toolkit is part of the Security Compliance Management Toolkit series.
The Windows Server 2003 Security Guide offers a choice of preconfigured security baselines for the following two different environments:
* Enterprise Client. This security baseline is best for most organizations in which functionality is evenly balanced with security.
* Specialized Security – Limited Functionality. This security baseline is best for organizations in which concern for security is so great that a significant loss of functionality is acceptable. For example, military and security agency organizations operate in this type of environment.
Included in the Download
The Windows Server 2003 Security Compliance Management Toolkit includes the following components:
* Security guide – The updated security guide for Windows Server 2003. The guidance provides you with best practices and information about automated tools to help you plan and deploy your security baseline.
* Attack Surface Reference workbook – A resource that lists the changes introduced as server roles are installed on computers running Windows Server 2003.
* Security Baseline Settings workbook – A resource that lists the prescribed settings for each of the preconfigured security baselines that the guide recommends.
* Security Baseline XML – An XML file that allows customers to consume the data defined in the Security Baseline Settings workbook.
* GPOAccelerator tool – A tool that you can use to create all the Group Policy objects (GPOs) you need to deploy your chosen security configuration.
* INF Files – INF files for Windows Server 2003.
* Baseline Compliance Management Overview – An overview that includes best practices about how to monitor security baselines for computers running Windows Server 2003.
* DCM Configuration Pack User Guide – A step-by-step prescriptive user guide about how to use the Configuration Packs in Configuration Manager 2007 SP1.
* DCM Configuration Packs – The toolkit includes 6 DCM Configuration Packs for you to use with the DCM feature in Configuration Manager 2007 SP1.
Download: Here
Labels:
Windows Server 2003 Security